the foreman project

Top products

The 8 most recently published vulnerabilities affecting the foreman project.

• CVE-2019-10198An authentication bypass vulnerability was discovered in foreman-tasks before 0.15.7. Previously, commit tasks were searched through find_resource, which performed authorization checks. After the c...6.5Jul 31, 2019
• CVE-2019-3893In Foreman it was discovered that the delete compute resource operation, when executed from the Foreman API, leads to the disclosure of the plaintext password or token for the affected compute reso...4.9Apr 9, 2019
• CVE-2018-14623A SQL injection flaw was found in katello's errata-related API. An authenticated remote attacker can craft input data to force a malformed SQL query to the backend database, which will leak interna...4.3Dec 13, 2018
• CVE-2018-16861A cross-site scripting (XSS) flaw was found in the foreman component of satellite. An attacker with privilege to create entries using the Hosts, Monitor, Infrastructure, or Administer Menus is able...7.6Dec 7, 2018
• CVE-2017-2662A flaw was found in Foreman's katello plugin version 3.4.5. After setting a new role to allow restricted access on a repository with a filter (filter set on the Product Name), the filter is not res...4.3Aug 22, 2018
• CVE-2016-8639It was found that foreman before 1.13.0 is vulnerable to a stored XSS via an organization or location name. This could allow an attacker with privileges to set the organization or location name to ...6.1Aug 1, 2018
• CVE-2016-8634A vulnerability was found in foreman 1.14.0. When creating an organization or location in Foreman, if the name contains HTML then the second step of the wizard (/organizations/id/step2) will render...6.1Aug 1, 2018
• CVE-2016-8613A flaw was found in foreman 1.5.1. The remote execution plugin runs commands on hosts over SSH from the Foreman web UI. When a job is submitted that contains HTML tags, the console output shown in ...6.4Jul 31, 2018